From: Alexandre G. <ale...@tr...> - 2022-10-27 15:56:13
Hello OpenSC team,

I have an issue with the latest version of libp11-0.4.12. It was working fine with the previous version.

In my test, I am creating EC, EC_EDWARDS and EC_MONTGOMERY keys with pkcs11-tool. I can list the objects as you can see below:

    Private Key Object; EC
      ID: 30
      Usage: sign
      Access: sensitive, always sensitive, extractable, local
      Unique ID: 1bc0000866ac3ec4346a4a8a753fd396fec524fc2d4542b8d20a348ecdafd8e97febccebd40f55232456ab73fea4ede820d409d719153c1bef5f3ba76b0263e8
    Private Key Object; EC_EDWARDS
      ID: 31
      Usage: sign
      Access: sensitive, always sensitive, extractable, local
      Unique ID: b80251e75b7c07aa5fd149ea4f408d6b9986de9ed4217f3ded957d9f5d6e48c2cd79c09280f8073efe0289a17e83f18942c7c28fa3830638a0ade67f823cc315
    Public Key Object; EC EC_POINT 256 bits
      EC_POINT: 0441048a17deb5642b21ee7c6582cf0ccef7d3404fb2aa2174e9cab525bd9ebf57a576ba044683fe5331434ca19a9d6c7a1a1122fc482bc1b5e68a0383db1e91575538
      EC_PARAMS: 06082a8648ce3d030107
      ID: 30
      Usage: verify
      Access: local
      Unique ID: b4bda529c0274024287613f2ea0c7968cff6a29b1eaefa32d0dbf3a22b094fbdd8a68a8b0213553cfa9e5877d66d9a131c20de1d0081b1628f9fc859bfa4d2b6
    Public Key Object; EC_MONTGOMERY EC_POINT 32 bytes
      EC_POINT: 04208feef18f8f5f6e8b3eb285244145fd5d200305399e31a3bfa6dd38fcff7b6620
      EC_PARAMS: 130a63757276653235353139 (x25519)
      ID: 32
      Usage: verify
      Access: local
      Unique ID: 8d207940a60058acd89251d4da407b48ed87cc7630266ab731a1e4567bed1ff164767da192918f4fcbf85a99ace88c4288e9d94aa8990b6e2f65e85d084e670d
    Private Key Object; EC_MONTGOMERY
      ID: 32
      Usage: sign
      Access: sensitive, always sensitive, extractable, local
      Unique ID: 99c9f7f54d8952174c6e02b9989c0120f3e1e413cd2582320b8ca74369011b23ad776699924adb389c2c9591eae4d93b9a55ea26662b7391d61e41c90fc9e7d7
    Public Key Object; EC_EDWARDS EC_POINT 32 bytes
      EC_POINT: 042003a700641101974ecb5e4684984b2990e7fe5fea2c16708a465bc8f1d541e13f
      EC_PARAMS: 130c656477617264733235353139 (ed25519)
      ID: 31
      Usage: verify
      Access: local
      Unique ID: 1755adc73f371b563a78ddf6189c7cf2078edd05cf18c23504e39c510ff56e804a8fbc1994b31c869b60c66bf71a12a55a737cd5587f0a8cf5848bd532fa1238

But when I am trying to verify a signature with OpenSSL, it is not able to find my public key.

    engine "pkcs11" set.
    Unable to enumerate public keys
    Unable to enumerate public keys
    The public key was not found at: pkcs11:id=0
    PKCS11_load_public_key returned NULL
    cannot load key file from engine
    484453151992:error:80068065:pkcs11 engine:ctx_load_pubkey:object not found:/OpenSC_libp11/Out/Code/src/eng_back.c:871:
    484453151992:error:26097081:engine routines:ENGINE_load_public_key:failed loading public key:crypto/engine/eng_pkey.c:108:
    unable to load key file

That's because in pkcs11_init_key() we now call pkcs11_object_from_handle(), but this function does not support the EC_EDWARDS and EC_MONTGOMERY types. So, the function returns an error, and the enumeration is stopped.

I suggest that in that case, we don't check the error returned by pkcs11_init_key(), as you can see in the patch below.

diff --git a/src/p11_key.c b/src/p11_key.c index ec7f279..c849808 100644 --- a/src/p11_key.c +++ b/src/p11_key.c @@ -605,8 +605,7 @@ static int pkcs11_next_key(PKCS11_CTX_private *ctx, PKCS11_SLOT_private *slot, if (count == 0) return 1; - if (pkcs11_init_key(slot, session, obj, type, NULL)) - return -1; + pkcs11_init_key(slot, session, obj, type, NULL); return 0; }

Please let me know if I should create a pull request.

Regards,
Alexandre.

Trustonic SAS - 535 route de Lucioles, Les Aqueducs Batiment 2, Sophia Antipolis 06560 Valbonne, France - SAS au capital de 3 038 000EUR - RCS Grasse - SIRET 480 011 998 00055 - TVA intracommunautaire : FR02 480 011 998
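Review bot: In pkcs11_next_key(), calling pkcs11_init_key() without checking its result discards every failure of that call, not only the unsupported EC_EDWARDS / EC_MONTGOMERY case the message describes. After this change the function returns 0 even when no key was initialised, so a caller can no longer tell a skipped object from a loaded one, and any other error from pkcs11_init_key() is silently lost during enumeration. Consider keeping the check and treating only the unsupported-key-type result as "skip this object and continue", while still returning -1 for other errors; that needs pkcs11_init_key() (or pkcs11_object_from_handle()) to report the unsupported-type case distinctly. If the result really is meant to be ignored, a comment at the call saying why, and an explicit (void) cast, would make the intent clear to later readers.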